Published: 10/03/2020 Updated: 12/03/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

CVSS v3 Base Score: 4.3 | Impact Score: 1.4 | Exploitability Score: 2.8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

The selection query in SAP Treasury and Risk Management (Transaction Management) (EA-FINSERV?versions 600, 603, 604, 605, 606, 616, 617, 618, 800 and S4CORE versions 101, 102, 103, 104) returns more records than it should be when selecting and displaying the contract number, leading to Missing Authorization Check.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap treasury and risk management \\(ea-finserv\\) 600
sap treasury and risk management \\(ea-finserv\\) 603
sap treasury and risk management \\(ea-finserv\\) 604
sap treasury and risk management \\(ea-finserv\\) 605
sap treasury and risk management \\(ea-finserv\\) 606
sap treasury and risk management \\(ea-finserv\\) 616
sap treasury and risk management \\(ea-finserv\\) 617
sap treasury and risk management \\(ea-finserv\\) 618
sap treasury and risk management \\(ea-finserv\\) 800
sap treasury and risk management \\(s4core\\) 101
sap treasury and risk management \\(s4core\\) 102
sap treasury and risk management \\(s4core\\) 103
sap treasury and risk management \\(s4core\\) 104

CWE-862 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 https://launchpad.support.sap.com/#/notes/2841874 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2020-6204

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect